Published by Eugenia Riley. Modified over 9 years ago
1
2008 NetDefend Firewall Series Technical Training Firewall Fundamental - Part 2 ©Copyright 2008. All rights reserved
2
Hands-On
1. Publish Web Server that is located on the LAN side
2. WAN Load Sharing
3. IPsec Hub and Spoke
3
Hands-On 1 Publish Web Server that is located on the LAN side
From the DFL-1600, LAN users can access both the DFL-210 and DFL-860 web servers using Public IP 202.3.1.2 and 202.2.1.2.
LAN users of each DFL can access their own web server using their own public IP.
4
Hands-On 1 Set WAN IP, WAN Subnet, WAN Gateway and assign one object for Web Server
5
Hands-On 1 Add SAT Rule
6
Hands-On 1 Add Allow Rule
7
Hands-On 1 Add NAT for LAN traffic Rule
8
Hands-On 1 Enable Log for each Rule, for troubleshooting purposes
9
Hands-On 1 Review all IP Rules
Why must we put the LAN_to_WAN rule between SAT and Allow?
10
Hands-On 1
PC 1 : 192.168.1.100
LAN IP : 192.168.1.1
WAN IP : 202.1.1.2
Web Server : 192.168.1.50

Without NAT for LAN traffic:
1. PC 1 opens the web server using Public IP 202.1.1.2: 192.168.1.100:1050 -> 202.1.1.2:80
2. Firewall translates it to 192.168.1.50: 192.168.1.100:1050 -> 192.168.1.50:80
3. Web Server replies directly to PC 1: 192.168.1.50:80 -> 192.168.1.100:1050
The reply packet will never arrive, because PC 1 expects the reply packet to come from 202.1.1.2 and not from 192.168.1.50.

With NAT for LAN traffic:
1. PC 1 opens the web server using Public IP 202.1.1.2: 192.168.1.100:1050 -> 202.1.1.2:80
2. Firewall translates it and also does NAT here: 192.168.1.1:35879 -> 192.168.1.50:80
3. Web Server replies to the Firewall first: 192.168.1.50:80 -> 192.168.1.1:35879
4. The packet is sent back to PC 1 with both address translations restored: 202.1.1.2:80 -> 192.168.1.100:1050
The reply packet will arrive at PC 1 as expected.
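The two packet walks above can be replayed in a small model. This is an added example, not part of the original slides or of D-Link's firmware; the `Firewall` class and `hairpin` function are hypothetical names, and the model assumes one SAT rule, an optional NAT step and a single state table.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Addresses and ports taken from the slide.
PC1, FW_LAN, FW_WAN, WEB = "192.168.1.100", "192.168.1.1", "202.1.1.2", "192.168.1.50"
NAT_PORT = 35879  # translated source port shown on the slide


class Firewall:
    """Toy model (assumption): one SAT rule, optional NAT, one state table."""

    def __init__(self, nat_lan_traffic):
        self.nat_lan_traffic = nat_lan_traffic
        self.state = {}  # translated flow -> original request

    def forward(self, pkt):
        out = pkt._replace(dst=WEB)  # SAT: 202.1.1.2:80 -> 192.168.1.50:80
        if self.nat_lan_traffic:     # NAT: hide PC 1 behind the LAN IP
            out = out._replace(src=FW_LAN, sport=NAT_PORT)
        self.state[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        orig = self.state[(reply.src, reply.sport, reply.dst, reply.dport)]
        # Restore both translations: reply appears to come from the public IP.
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def hairpin(nat_lan_traffic):
    """Return (reply as seen by PC 1, whether PC 1's TCP stack accepts it)."""
    fw = Firewall(nat_lan_traffic)
    request = Packet(PC1, 1050, FW_WAN, 80)
    at_server = fw.forward(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # Server and PC 1 share the LAN, so a reply addressed to PC 1 is delivered
    # directly and never passes through the firewall's state table.
    if reply.dst == FW_LAN:
        reply = fw.reverse(reply)
    # PC 1 only accepts a reply from the endpoint it actually connected to.
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)
    return reply, accepted


if __name__ == "__main__":
    for nat in (False, True):
        reply, ok = hairpin(nat)
        print(f"NAT for LAN traffic={nat}: {reply.src}:{reply.sport} -> "
              f"{reply.dst}:{reply.dport} accepted={ok}")
```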
11
Hands-On 2 WAN Load Sharing
HTTP traffic goes through WAN 1
Telnet traffic goes through WAN 2
12
Hands-On 2 Create object (IP, Subnet and Gateway) for both WAN
13
Hands-On 2 Make sure there is no default gateway on either WAN interface
14
Hands-On 2 Add route for WAN1 with metric 10
15
Hands-On 2 Add another routing table
Add route for WAN 2 with metric 0
16
Hands-On 2 Add routing rule for telnet traffic
17
Hands-On 2 Add IP Rules as shown below :
18
Hands-On 2 Enable Log for each Rule, for troubleshooting purposes
19
Hands-On 3 IPsec Hub and Spoke
20
Hands-On 3 Spoke Surabaya
Local Net : 192.168.2.0/24
Remote Net : 192.168.0.0/24 (Hub Jakarta) and 192.168.1.0/24 (Spoke Bandung)
Remote Gateway : 202.1.1.2 (Hub Jakarta WAN)
Create Address Book as shown below :
21
Hands-On 3 Create Authentication Object, for example : 1234567890
22
Hands-On 3 Add default gateway to WAN interface
23
Hands-On 3 Create IPsec for tunneling to Jakarta / Bandung
24
Hands-On 3 Create Interface Group as shown below :
25
Hands-On 3 Create IP Rule for tunnel and put it at the top :
26
Hands-On 3 Spoke Bandung
Local Net : 192.168.1.0/24
Remote Net : 192.168.0.0/24 (Hub Jakarta) and 192.168.2.0/24 (Spoke Surabaya)
Remote Gateway : 202.1.1.2 (Hub Jakarta WAN)
Create Address Book as shown below :
27
Hands-On 3 Create Authentication Object, for example : 1234567890
28
Hands-On 3 Add default gateway to WAN 1 interface
29
Hands-On 3 Create IPsec for tunneling to Jakarta / Surabaya
30
Hands-On 3 Create Interface Group as shown below :
31
Hands-On 3 Create IP Rule for tunnel and put it at the top :
32
Hands-On 3 Hub Jakarta

Tunnel JKT-SBY
Local Net : 192.168.1.0/24 (Spoke Bandung) and 192.168.0.0/24 (Hub Jakarta)
Remote Net : 192.168.2.0/24 (Spoke Surabaya)
Remote Gateway : 202.3.1.2 (Spoke Surabaya WAN)

Tunnel JKT-BDG
Local Net : 192.168.2.0/24 (Spoke Surabaya) and 192.168.0.0/24 (Hub Jakarta)
Remote Net : 192.168.1.0/24 (Spoke Bandung)
Remote Gateway : 202.2.1.2 (Spoke Bandung WAN)
33
Hands-On 3 Create Address Book as shown below :
34
Hands-On 3 Create Authentication Object, for example : 1234567890
35
Hands-On 3 Add default gateway to WAN 1 interface
36
Hands-On 3 Create IPsec for tunneling to Surabaya
37
Hands-On 3 Create IPsec for tunneling to Bandung
38
Hands-On 3 Create Interface Group as shown below :
39
Hands-On 3 Create IP Rule for tunnel and put it at the top :
40
Hands-On 3 Check Main Routing Table and IPsec Status at Hub : Tunnel to Surabaya, Tunnel to Bandung
41
Hands-On 3 Check Main Routing Table and IPsec Status at Spoke Bandung : Tunnel to Jakarta and Surabaya
42
Hands-On 3 Check Main Routing Table and IPsec Status at Spoke Surabaya : Tunnel to Jakarta and Bandung
43
Questions & Answers
THANK YOU
D-Link Call Center : 021-5731610
D-Link Support Email : security@dlink.co.id
D-Link Support Website : http://support.dlink.co.id